<?php
/*
$ip = $_SERVER['REMOTE_ADDR'];
if( isset($_SERVER['HTTP_REFERER']) ) {
    $url_array = explode('http://', $_SERVER['HTTP_REFERER']);
    $url = explode('/', $url_array[1]);
    $url1 = $_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"];
    if($url1 != $url[0]) {
        exit('success');
    }
} else {
    exit('OK');
}*/
include('../Config/conn.php');

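/*
 * Action endpoint: dispatches on POST "type" and prints a short status token
 * ("ok", "error", "error1", "error2") that the calling page checks.
 *
 * Every value below comes straight from the request, so each one is escaped
 * or format-checked before it reaches an SQL string or the shell.
 *
 * NOTE(review): mysql_real_escape_string() is only reliable when the
 * connection charset was set with mysql_set_charset(); confirm that in
 * ../Config/conn.php. ext/mysql is removed in PHP 7, so the durable fix is to
 * move this file and conn.php to mysqli/PDO prepared statements together.
 *
 * NOTE(review): only "pay3" checks the session and only "pass" checks a
 * credential. "pet", "daili", "daili1", "dl_edit" and "jiesuan" run for any
 * request that reaches this file; they need an authenticated, authorised
 * session check that matches the login code (not visible from this file).
 */

// Read a POST field as a string; a missing or array-valued field becomes ''.
$post = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Escape a value for use inside a single-quoted SQL string literal.
$esc = function ($value) {
    return mysql_real_escape_string((string) $value);
};

// Run a query and return its first row, or false when it fails or is empty.
$fetchRow = function ($sql) {
    $res = mysql_query($sql);
    return $res ? mysql_fetch_assoc($res) : false;
};

// Print "ok" when the last write changed exactly one row, otherwise "error".
$report = function ($result) {
    echo ($result && mysql_affected_rows() == 1) ? "ok" : "error";
};

$button   = $post('type');
$username = $esc($post('username'));

switch ($button) {
    case "pet":
        $itemid   = $esc($post('itemid'));
        $itemname = $esc($post('itemname'));
        $report(mysql_query("insert into pet (id,petid,petname) values('','$itemid','$itemname')"));
        break;

    case "pass":
        // NOTE(review): unsalted md5 is kept only because the stored hashes
        // use it; moving to password_hash()/password_verify() needs a
        // coordinated change in the login code and a rehash-on-login step.
        $oldpass     = md5($post('oldpass'));
        $newpassword = md5($post('password'));
        $result = mysql_query("select * from user where username='$username' and password='$oldpass'");
        if ($result && mysql_num_rows($result) > 0) {
            $report(mysql_query("update user set password='$newpassword' where username='$username'"));
        } else {
            // The failed query text (which contains the password hash) is no
            // longer echoed back to the client.
            echo "error1";
        }
        break;

    case "daili":
    case "daili1":
        $password1 = md5($post('password'));
        $status    = $esc($post('status'));
        $daili     = $esc($post('daili'));
        $fencheng  = $esc($post('fencheng'));

        $result = mysql_query("select * from user where username='$username' or daili='$status'");
        if (!$result) {
            // A failed lookup must not be read as "no duplicate found".
            echo "error";
            break;
        }
        if (mysql_num_rows($result) != 0) {
            // Name or code already taken: the original prints nothing here.
            break;
        }

        // The `status` column receives POST "daili" and the `daili` column
        // receives POST "status", as in the original statements.
        // NOTE(review): confirm that mapping is intended.
        if ($button === "daili") {
            $sql = "insert into user (username,password,status,daili,guishu,fencheng) values ('$username','$password1','$daili','$status','$username','$fencheng');";
        } else {
            $guishu = $esc($post('user'));
            $parent = $fetchRow("select * from user where username='$guishu'");
            // The value read back from the table is escaped again before it
            // is placed in the next statement.
            $guishu_1 = $esc($parent ? $parent['guishu'] : '');
            $sql = "insert into user (username,password,status,daili,guishu,fencheng,guishu_1) values ('$username','$password1','$daili','$status','$guishu','$fencheng','$guishu_1');";
        }
        $report(mysql_query($sql));
        break;

    case "dl_edit":
        $code     = $esc($post('code'));
        $fencheng = $post('fencheng');
        // fencheng is written unquoted, so it must be a plain decimal number.
        if (!preg_match('/^-?\d+(\.\d+)?\z/', $fencheng)) {
            echo "error";
            break;
        }
        $report(mysql_query("update user set daili='$code',fencheng=$fencheng where username='$username'"));
        break;

    case "jiesuan":
        $money = $post('money');
        // Plain positive decimals only: the amount is written unquoted, and a
        // negative amount would run the settlement in reverse.
        if (!preg_match('/^\d+(\.\d+)?\z/', $money) || (float) $money <= 0) {
            echo "error";
            break;
        }
        // The balance test lives in the WHERE clause so that the check and
        // the transfer are a single atomic statement.
        $report(mysql_query("update user set y_money=y_money+$money,n_money=n_money-$money where username='$username' and n_money>=$money"));
        break;

    case "pay3":
        session_start();
        $account = $post('account');
        $roleid  = $post('roleid');
        $num     = $post('num');

        // Strict comparison: an absent session value must never match an
        // empty or missing "account" field.
        $account1 = (isset($_SESSION['username']) && is_scalar($_SESSION['username']))
            ? (string) $_SESSION['username']
            : '';
        if ($account1 === '' || $account !== $account1) {
            echo "error2";
            return false;
        }

        // pay_id and serverid are written unquoted, so both must be digits.
        // NOTE(review): assumes pay_id is an integer key; confirm the schema.
        if (!preg_match('/^\d+\z/', $num) || !preg_match('/^\d/', $roleid)) {
            echo "error";
            break;
        }
        $pid        = substr($roleid, 0, 1);
        $accountEsc = $esc($account);
        $roleidEsc  = $esc($roleid);

        $userRow = $fetchRow("select * from user where username='$accountEsc'");
        $payRow  = $fetchRow("select * from pay where pay_id=$num");
        if (!$payRow || !is_numeric($payRow['pay_rmb'])) {
            echo "error";
            break;
        }
        $pay_rmb = $payRow['pay_rmb'];
        if (!$userRow || $userRow['money'] < $pay_rmb) {
            echo "error1";
            break;
        }

        // Resolve the target directory before charging, so an unknown server
        // id cannot deduct balance without anything being delivered.
        $serverRow = $fetchRow("select * from server where serverid=$pid");
        if (!$serverRow || !is_dir($serverRow['file'] . "/logicshell")) {
            echo "error";
            break;
        }

        // A failed UPDATE reports -1 affected rows, which is truthy, so the
        // query result is checked as well; the balance guard makes the
        // deduction atomic.
        $charged = mysql_query("update user set money=money-$pay_rmb where username='$accountEsc' and money>=$pay_rmb");
        if (!$charged || mysql_affected_rows() < 1) {
            echo "error";
            break;
        }
        $log = mysql_query("insert into pay_log1 (pay_money,roleid,username,time) values ('$pay_rmb','$roleidEsc','$accountEsc',now())");

        if (!chdir($serverRow['file'] . "/logicshell")) {
            echo "error";
            break;
        }
        // Each request-derived argument is quoted individually so it reaches
        // gm.sh as data and is never interpreted by the shell.
        // NOTE(review): a failure here happens after the balance was
        // deducted; there is no refund or transaction around the two steps.
        $shell = "./gm.sh Recharge " . escapeshellarg($roleid) . " " . escapeshellarg($num);
        exec($shell, $output, $status);
        echo $status ? "error" : "ok";
        break;
}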



